- title: "SAST support for .NET 2.1"
  announcement_milestone: "14.8"
  removal_milestone: "15.0"
  breaking_change: true
  reporter: connorgilbert
  body: |  # Do not modify this line, instead modify the lines below.
    The GitLab SAST Security Code Scan analyzer scans .NET code for security vulnerabilities.
    For technical reasons, the analyzer must first build the code to scan it.

    In GitLab versions prior to 15.0, the default analyzer image (version 2) includes support for:

    - .NET 2.1
    - .NET 3.0 and .NET Core 3.0
    - .NET Core 3.1
    - .NET 5.0

    In GitLab 15.0, we will change the default major version for this analyzer from version 2 to version 3. This change:

    - Adds [severity values for vulnerabilities](https://gitlab.com/gitlab-org/gitlab/-/issues/350408) along with [other new features and improvements](https://gitlab.com/gitlab-org/security-products/analyzers/security-code-scan/-/blob/master/CHANGELOG.md).
    - Removes .NET 2.1 support.
    - Adds support for .NET 6.0, Visual Studio 2019, and Visual Studio 2022.

    Version 3 was [announced in GitLab 14.6](https://about.gitlab.com/releases/2021/12/22/gitlab-14-6-released/#sast-support-for-net-6) and made available as an optional upgrade.

    If you rely on .NET 2.1 support being present in the analyzer image by default, you must take action as detailed in the [deprecation issue for this change](https://gitlab.com/gitlab-org/gitlab/-/issues/352553#breaking-change).
# The following items are not published on the docs page, but may be used in the future.
  stage: Secure
  tiers: [Free, Silver, Gold, Core, Premium, Ultimate]
  issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/352553
